[c-nsp] Re: Source address on BGP peering set up

Brian Feeny signal at shreve.net
Mon Jan 17 19:13:36 EST 2005


On Jan 17, 2005, at 5:59 PM, Piltrafilla wrote:

> Hi Brian,
>
> If I correctly understood your explanation, you mean that I should
> replace primary IP address on peering interface, then configuring the
> old IP address on a loopback and finally setting up static routes to
> neighbors to peering interface. Isn't it that way?

Well, what I am saying is, BGP peer with whatever address the router wants
to on that interface (primary).  If you are worried because you are
migrating off that netblock, then make the BGP peering the last thing you
migrate away.  Or, set up a loopback with the new space (or at least 1
address of it) and BGP peer using that.

And yes, if you do that, you will need eBGP multihop if it's an eBGP peer,
not really a big deal.

>
> For keeping ARP going on with neighbors, in case they do not have the
> same config as you, I suppose that proxy-arp should be configured. And
> I do not really like that option.
>

I am not saying to get rid of the config completely for the interface.
Personally I can't stand secondary addresses, especially when people have
like 8-10 of them stacked on an interface... *usually* there is a better
way to do things.

Do you just have one netblock?  Like if you have a new /19 you're
migrating to, just get a single /32 out of any block, assign it to the
loopback, make sure your IGP redistributes connected, and then you should
be ok.

Brian



> Thanks for your reply, :)
>
> On Mon, 17 Jan 2005 10:39:04 -0600, Brian Feeny <signal at shreve.net> wrote:
>>
>> I can understand that you are doing a migration from one network to
>> another.  However, there are probably easier ways of doing this.
>> Migrate the network, and then later migrate the BGP neighbors, in other
>> words, leave them numbered out of legacy space until the last thing.
>>
>> or
>>
>> Use a loopback address on the Cisco, number that out of the new IP
>> space, or just some other IP space, and use that as the update-source.
>>
>> Brian
>>
>> On Jan 17, 2005, at 10:27 AM, Piltrafilla wrote:
>>
>>> Hi people,
>>>
>>> First of all, thank you for all your replies, I'm sorry for the delay
>>> in my answer.
>>>
>>> With your feedback I have tried a BGP peering on my home lab between a
>>> Cisco and OpenBSD bgpd:
>>>
>>> Cisco
>>>   primary 10.0.0.1
>>>   secondary 192.168.0.1
>>> OpenBSD
>>>  primary 10.0.0.2
>>>  secondary 192.168.0.2
>>>
>>> On OpenBSD bgpd configuration I have set up local-address for peer
>>> 10.0.0.1:
>>>
>>>    neighbor 10.0.0.1
>>>    {
>>>        local-address           10.0.0.2
>>>        remote-as                65500
>>>    }
>>>
>>> After configuration on both sides, I did a clear ip bgp 192.168.0.2 on
>>> the Cisco side to force reestablishing the peering as a client
>>> (ephemeral to 179). That's the tcpdump on the OpenBSD side:
>>>
>>> 10.0.0.1.15357 > 192.168.0.2.179: S 2018010072:2018010072(0) win 16384
>>> 10.0.0.1.15357 > 192.168.0.2.179: S 2018010072:2018010072(0) win 16384
>>>
>>> Although Cisco router has a connected secondary IP to peer
>>> 192.168.0.2, Cisco tries to set up the peering with the primary
>>> address.
>>>
>>> A few seconds later, OpenBSD successfully establishes peering with the
>>> Cisco box as a client (ephemeral to 179) because of the possibility of
>>> configuring local-address:
>>>
>>> 192.168.0.2.46380 > 192.168.0.1.179: S 957503115:957503115(0) win 65535
>>> 192.168.0.1.179 > 192.168.0.2.46380: S 949964186:949964186(0) ack 957503116 win 16384
>>> 192.168.0.2.46380 > 192.168.0.1.179: . ack 1 win 65535
>>> 192.168.0.2.46380 > 192.168.0.1.179: P 1:40(39) ack 1 win 65535 : BGP [|BGP OPEN] (DF) [tos 0xc0]
>>>
>>> I know that for many of you, this config could seem in some way really
>>> stupid. That config was thought for a temporary peer migration not for
>>> a definitive config.
>>>
>>> Any comments on the results?
>>>
>>> Take Care,
>>>
>>> -- Carlos
>>>
>>> On Fri, 14 Jan 2005 15:34:32 +0000 (GMT), Stephen J. Wilcox
>>> <steve at telecomplete.co.uk> wrote:
>>>> I thought I'd chip in as everyone else has had a go at this..
>>>>
>>>> On Fri, 14 Jan 2005, Piltrafilla wrote:
>>>>
>>>>> Anyone know how BGP on a Cisco router chooses source IP address for
>>>>> peering establishment if no "update-source" command is applied to
>>>>> neighbor? Is it only the primary IP address on the closest interface
>>>>> to neighbor?
>>>>
>>>> update-source will use the primary address, if no update source is
>>>> applied it will use the ip on the outgoing interface
>>>>
>>>>> For instance, let's say that you would like to set up a peering using
>>>>> a secondary IP address between two directly-connected neighbors. Is
>>>>> setting up loopbacks, static /32 routes and update-source on the
>>>>> neighbors' config the only way to do it?
>>>>
>>>> no you can just config it like any other ebgp directly connected peer
>>>>
>>>>> On bgpd of OpenBSD you could set up a "local-address" parameter per
>>>>> neighbor or group that sets up source IP address used for that
>>>>> peering. I haven't found any similar parameter on cisco bgp
>>>>> neighbors' config.
>>>>
>>>> it doesn't have it
>>>>
>>>> Steve
>>>>
>>>>
>> ------------------------------------------------------------------------
>> Brian Feeny, CCIE #8036, CISSP          e: signal at shreve.net
>> Network Engineer                                p: 318.213.4709
>> ShreveNet Inc.                                  f: 318.221.6612
>>
>>
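
The loopback option discussed in this thread, sketched as Cisco IOS configuration for the lab router. This is an added example, not configuration posted by anyone in the thread: 10.0.0.1, 10.0.0.2 and AS 65500 come from the lab described above, while the loopback address 172.16.255.1, the interface name and mask, the peer AS 65501 and the hop count are assumptions.

```cisco
! Added example. Values not taken from the thread are marked as assumed.
!
! A single /32 on a loopback (assumed address standing in for the new space).
interface Loopback0
 ip address 172.16.255.1 255.255.255.255
!
! Peering interface keeps its primary address from the lab.
! Interface name and /24 mask are assumed.
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
!
router bgp 65500
 ! Peer AS 65501 is assumed; the thread only shows this router's AS.
 neighbor 10.0.0.2 remote-as 65501
 ! Source the TCP session from the loopback instead of the primary
 ! address of the outgoing interface.
 neighbor 10.0.0.2 update-source Loopback0
 ! The session no longer runs between the two connected interface
 ! addresses, so eBGP multihop is required.
 neighbor 10.0.0.2 ebgp-multihop 2
```

The peer has to point its neighbor statement at 172.16.255.1, allow multihop on its side, and have a route to 172.16.255.1/32 via 10.0.0.1, otherwise its replies to the loopback-sourced SYN have nowhere to go.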